OASIS Mailing List Archives

pkcs11 message



Subject: Some late issues found in 3.1


My team lead is working on the PKCS #11 provider for OpenSSL and found some issues in the spec.

<simo> relyea: FYI the pkcs3.1 spec mentions C_Derive in a few places, I assume it means C_DeriveKey as I see no function named just C_Derive documented in the spec
<simo> rey-crypto-b: it'd also be nice if it said CKD_SHA1_KDF really is the X9.63 derive with sha1
<simo> I had to go to the softoken source code to figure that out
<relyea> yes. where does it say C_Derive?
<simo> relyea: ^
<simo> relyea: in the ECDH parts
<simo> the whole section is rather poorly documented imo
<relyea> send me pointers and I'll let the editors know. We'll at least get it fixed for 3.2.
<simo> you can find "C_Derive" in 6.42.6 Deriving Additional Keys
<simo> (4 times)
<simo> relyea: while sections 6.3.17 and 6.3.18 do not seem to be sufficient to understand how to correctly use C_DeriveKey which is not even mentioned
<simo> ah they also mention C_Derive instead of C_DeriveKey in their tables
<relyea> OK, thanks!
<simo> (tables 78,79 and 80)

The critical thing, I think, is the use of C_Derive rather than C_DeriveKey. I think it's a non-material change, since we clearly do not have a C_Derive function. We should at least fix it in 3.2. I think we are too late for 3.1 without an errata.

The other stuff is more 'nice to have'.

bob


